Saviynt Forums

joy5toys · ‎05/16/2022

Unable to locate any information in the UNIX connector about handling sudo access in the /etc/sudoers file for AIX, HP-UX and RHEL.

Currently, the process is handled manually where the SME logs onto the UNIX/Linux server and perform the job using visudo and adds two lines:

# a comment/ justification/owner
<user ID> /bin/rm, /bin/chown, /bin/chmod, /tmp/[0-9]*/pr.sh

or for a group:

%<group name> All =(root) /bin/su - <group name>, /usr/bin/su <group name>, /usr/bin/su <group name>, /usr/bin/su - <group name>

Another use case is where the account is granted root access:
<user ID> ALL=(root) /bin/su -, /bin/su - root

Can this process be automated through the UNIX connector when an account is provisioned or modified?

Thanks.

sahajranajee · ‎05/18/2022

Hello,

We cannot manage the /etc/sudoers file directly from the Connector. You should be able to run commands to directly add users to sudo using usermod but your use case is not directly achievable .

Regards,
Sahaj Ranajee
Sr. Product Specialist

joy5toys · ‎05/18/2022

Hello Sahaj:

A follow up, if I may, while dealing with this topic.

We have identified the following use cases that I need to validate:

For AIX target servers, are these commands not supported as well?
- Granting an account remote login as follows: chuser rlogin=true unsuccessful_login_count=0 expires=0 <account>
- Password reset: pwdadm -c <account>
- Unlock an account: chuser account_locked=false <account>
- Reset counter: chsec -f /etc/security/lastlog -s <account> -a unsuccessful_login_count=0

Your help is very much appreciated.

Thanks.

Saviynt Forums

Granting Sudo Access in /etc/sudoers